In this article we present summary statistics and conclusions about the privacy implications of Windows 10. This report is based on a traffic recording of a virtual machine running Windows 10, which ran continuously for 346 days, from 2017-02-15 to 2018-01-27. After the installation, Windows 10 was left alone. The OS had default settings and was running without any third-party software installed. In total, we have recorded and analyzed 55,945,178,210 bytes of received and transmitted data.

The Windows 10 telemetry traffic collection experiment is over. We have collected 55,945,178,210 bytes of data, recorded continuously over 346 days, from 2017-02-15 to 2018-01-27.

Let’s discuss the tools and scripts we need to extract useful statistics from these raw traffic dumps. We will rely on tcpdump's built-in packet filtering, and on the standard UNIX tools grep, sed and awk for processing the text information extracted from these packets.

Our experiment is running smoothly. So far we have accumulated 17.9 Gb of data to be analyzed.

In the meantime, Microsoft has published two overviews of the telemetry transmitted by Windows 10. These overviews are composed in such a way that the Basic level of telemetry appears to transmit a lot of data (it is presented in an extremely detailed style) and the Full level of telemetry appears to transmit much less data (it is presented in a condensed style).

On the contrary, our measurements indicate that the Full level of telemetry transmits many more bytes over the wire.

Windows 10 will run in a virtual machine powered by the bhyve hypervisor, under the FreeBSD 11.0 operating system. It will have access to the internet via a virtual local network, and all its traffic will be recorded for further analysis. This virtual network will consist of two hosts: a DHCP server/router and the Windows 10 virtual machine.

In this part of the guide, we will configure network interfaces, firewall, routing, NAT, DHCP server, and also set up sshd and tmux for convenient remote access to our FreeBSD server.

Over the next few months we will be conducting an experiment that involves installing Windows 10 with default settings and recording all telemetry traffic transmitted by this OS. Received traffic will be recorded as well. Windows 10 will sit in a mostly idle state for a few months in a virtual machine deployed on an always powered-on server. Besides basic OS setup, there will not be much activity in apps and the browser, in order to record as much clean telemetry traffic of this OS as possible.

About this blog

This blog is run by PCMinistry Labs, an independent security research company. We are focused on the privacy implications and telemetry traffic analysis of modern operating systems, software and hardware appliances.